fb4b1ed51298447fe611bd2871e5d0f2c165abb2e30e82fba3a45bc70f6d8ee1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
08/02/2023, 09:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

198KB
MD5

1a8ef4e86e218fc9d2b642044fc1886d
SHA1

9269507eea8497112b06cee52ba41b98d5c42e70
SHA256

fb4b1ed51298447fe611bd2871e5d0f2c165abb2e30e82fba3a45bc70f6d8ee1
SHA512

0f5feb480065dbd489afb34ab0dd7e2f85e7e343d67458219576b3ba8e1d2da88f97d9c022f0f929856af158c78fe8029638e166f693ca5420293294bd39e6c7
SSDEEP

6144:NsEeU7GJwVtfDDKu/F2DdElR5YnDerdpMvxd/dt0lObpczKgLrIeI9:77I39

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3708450355"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3708450355"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3763136863"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013797"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{07F203EC-A799-11ED-AECB-F6A3911CAFFB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31013797"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31013797"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382616102"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3856	firefox.exe
Token: SeDebugPrivilege	3856	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
504	iexplore.exe
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
504	iexplore.exe
504	iexplore.exe
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
4904	IEXPLORE.EXE
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe
3856	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 504 wrote to memory of 4904	504	iexplore.exe	78
PID 504 wrote to memory of 4904	504	iexplore.exe	78
PID 504 wrote to memory of 4904	504	iexplore.exe	78
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 4356 wrote to memory of 3856	4356	firefox.exe	98
PID 3856 wrote to memory of 1636	3856	firefox.exe	101
PID 3856 wrote to memory of 1636	3856	firefox.exe	101
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 1232	3856	firefox.exe	102
PID 3856 wrote to memory of 2424	3856	firefox.exe	103
PID 3856 wrote to memory of 2424	3856	firefox.exe	103
PID 3856 wrote to memory of 2424	3856	firefox.exe	103
PID 3856 wrote to memory of 2424	3856	firefox.exe	103
PID 3856 wrote to memory of 2424	3856	firefox.exe	103
PID 3856 wrote to memory of 2424	3856	firefox.exe	103
PID 3856 wrote to memory of 2424	3856	firefox.exe	103

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:504
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:504 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.0.796988902\1881937880" -parentBuildID 20200403170909 -prefsHandle 1700 -prefMapHandle 1684 -prefsLen 1 -prefMapSize 219989 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 1780 gpu
    3⤵
    PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.3.1737133265\2041357424" -childID 1 -isForBrowser -prefsHandle 1552 -prefMapHandle 1540 -prefsLen 112 -prefMapSize 219989 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 2460 tab
    3⤵
    PID:1232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.13.1236282573\563113730" -childID 2 -isForBrowser -prefsHandle 3744 -prefMapHandle 3688 -prefsLen 6894 -prefMapSize 219989 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 3760 tab
    3⤵
    PID:2424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3856.20.847598591\1792873260" -childID 3 -isForBrowser -prefsHandle 4592 -prefMapHandle 4588 -prefsLen 7743 -prefMapSize 219989 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3856 "\\.\pipe\gecko-crash-server-pipe.3856" 4604 tab
    3⤵
    PID:5256

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
bd813f25b25946e19e7b3acf153b3674

SHA1
1570516b96c7931bd565ac9102e79e1664216997

SHA256
6c744ffa4555b4c92c632743742782df3e1b9c33004c73247574da26a759ea2c

SHA512
145c738a3702f08d8d307188a4422e3842bc08aced2190f74601d8398d2001cb722e3c32bb6988e35a44a456fb042e6ae833a121da092d21dc2a04683932b47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
088a957ab5818bd911f12884038e0559

SHA1
69ecd601bcf2df2b3abd7af6f77670d261b9744b

SHA256
773c70341b53f54d75823809d4eb3d8dbb6d62e46203823b5e861c32d271e54d

SHA512
5a202acf6027d3de09b7df4b6142f99f9f71aacadde032ce80eb01beb52a63fb4b1ab193780ad213ea2d4ce7684d04be9cba4dce4fb4b3228bcd71efd7b4d6fc

Download Submit